PT-2018-9405 · WordPress · Wp User Groups
Mallory Adams
·
Published
2018-06-26
·
Updated
2018-08-30
·
CVE-2018-1000507
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
WP User Groups versions 2.0.0 through 2.1.0
Description
The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page, which can be exploited to modify user groups and types. This can occur when an Admin clicks on a malicious link.
Recommendations
For WP User Groups versions 2.0.0 through 2.1.0, update to version 2.1.1 to resolve the issue.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp User Groups